Description:
Two vulnerabilities were reported in Trend Micro OfficeScan. A local user can gain elevated privileges. A local user can cause denial of service conditions.

A local user can send specially crafted data to the target firewall service (TmPfw.exe) to trigger a heap overflow and execute arbitrary code on the target system [CVE-2008-3865]. The code will run with System level privileges.

A local user send specially crafted data to the target firewall service (TmPfw.exe) to cause the target service to crash [CVE-2008-3864].